At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Position Summary

CVS Health is seeking a seasoned Network Security Engineer to deliver engineering support for critical security controls across a hybrid infrastructure.  You will work within a collaborative engineering team to deploy, automate, secure, and maintain large-scale network security controls in Agile/Scrum environments.  This is an opportunity to work on cutting-edge technologies within a collaborative team, ensuring the resilience and integrity of the data on CVS Health’s enterprise network.

Core Responsibilities

Hybrid Security Environment Operations

• Engineer, maintain, and troubleshoot security controls across:
• Public cloud environments (AWS/Azure/GCP)
• Container platforms (Kubernetes, Docker, service mesh)
• Physical network infrastructure (datacenter switches, routers, appliances)
• Virtual machine–based systems (ESXi, KVM, cloud VM workloads)
• Integrate security architecture seamlessly across on-prem, cloud, and hybrid deployments.

Engineering & Operations

• Deploy and administer security controls including: Palo Alto Networks firewalls, Panorama, Cisco Firepower/FTD and Cisco ASA, Forescout NAC, NDR platforms: Cisco Secure Network Analytics, Vectra AI, FortiNDR, etc.
• Engineer and optimize IPSec VPNs, IKE policies, tunneling architectures, and hybrid connectivity.
• Automate network and security operations using Ansible, Terraform, and supporting scripts (Python/Bash).
• Perform Linux administration tasks related to network-security tooling.

Routing, Policy & Architecture

• Engineer and maintain policy-based routing, segmentation, and enterprise firewall rulebases.
• Support BGP/EBGP connectivity.
• Develop security standards and enforce architectural guidelines.

Cloud & Container Networking

• Engineer and troubleshoot cloud-native networking/security.
• Work with Kubernetes networking, service mesh architectures (Istio, Envoy), and CNI plugins (Calico, Cilium/Isovalent).
• Enable secure workload-to-workload communications in microservices environments.

Monitoring, Hardening & Incident Response

• Support incident response for network-security controls.
• Harden network, cloud, and container environments.
• Develop operational dashboards, compliance reporting, and documentation.

Collaboration & Process

• Document architectures, runbooks, and engineering standards.
• Participate in Agile/Scrum workflows using Jira.
• Collaborate with networking, cloud, and cybersecurity teams.

Required Qualifications

• 7+ years’ experience in network or network security engineering.
• 7+ years of hands-on experience with multiple: Palo Alto Networks, Cisco Firepower/ASA, Forescout NAC, IPSec, IKEv1/IKEv2, PKI, Routing Integration, Policy-based routing, EBGP, etc

• 7+ years of experience with Linux systems administration and network automation (Ansible, Terraform).
• 5+ years of experience with NDR platforms: Cisco SNA, Vectra AI, FortiNDR.

Preferred Qualifications:

• Experience with cloud networking/security, container networking, and Kubernetes.
• Familiarity with Istio, Envoy, Calico, Cilium/Isovalent, and CNIs.
• Scripting skills (Python, Bash).
• Relevant certifications: PCNSE, CCNP Sec, CISSP, GIAC.

Education:

• Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)

Pay Range

The typical pay range for this role is:

$130,295.00 - $260,590.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.  This position also includes an award target in the company’s equity award program. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

We anticipate the application window for this opening will close on: 12/22/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.